Platform.sh User Documentation

Security & data privacy

Try for 30 days
Flexible, version-controlled infrastructure provisioning and development-to-production workflows
Activate your trial

Security and data privacy are handled in a similar way for all Dedicated projects. See how Platform.sh manages incidents, and how data is encrypted on both Dedicated Gen 2 and Dedicated Gen 3 projects.

Project isolation Anchor to this heading

All Dedicated clusters are single-tenant. The three hosts are exclusively used by a single customer and each cluster is launched into its own isolated network (VPC on AWS, equivalent on other providers).

The network is behind a firewall for incoming connections. Only ports 22 (SSH), 80 (HTTP), and 443 (HTTPS), and 2221 (SFTP) are opened to incoming traffic.

There are no exceptions for this rule, so any incoming web service requests, ETL jobs, or otherwise need to transact over one of these protocols.

Outgoing TCP traffic isn’t behind a firewall. Outgoing UDP traffic is disallowed.

For containers to be allowed to connect to each other, the following requirement must be met:

  • The containers must live in the same environment.
  • You need to define an explicit relationship between the containers in your app configuration.

Is this page helpful?